author | Michael Boman <mboman@gentoo.org> | 2003-12-09 15:07:53 +0000 |
---|---|---|
committer | Michael Boman <mboman@gentoo.org> | 2003-12-09 15:07:53 +0000 |
commit | 5686156797aa016db80265760ee9cc4677fe51e7 (patch) | |
tree | 463297fa2d50f8c611868f30c545f61adb1ce19a /net-analyzer | |
parent | Added missing prelude config file. Added patch to correct snort's drop packet... (diff) | |
Added missing prelude config file. Added patch to correct snort's drop packet calculations.
Diffstat (limited to 'net-analyzer')
-rw-r--r-- | net-analyzer/snort/Manifest | 4 | ||||
-rw-r--r-- | net-analyzer/snort/files/digest-snort-2.0.5-r2 | 2 | ||||
-rw-r--r-- | net-analyzer/snort/files/snort-drop-calculation.diff | 87 | ||||
-rw-r--r-- | net-analyzer/snort/snort-2.0.5-r2.ebuild | 108 |
4 files changed, 199 insertions, 2 deletions
diff --git a/net-analyzer/snort/Manifest b/net-analyzer/snort/Manifest
index a508dbd09cc4..f1859775a051 100644
--- a/net-analyzer/snort/Manifest
+++ b/net-analyzer/snort/Manifest
@@ -1,6 +1,6 @@
-MD5 a885df07d7d5c0fe3ac0bb6c4053904d ChangeLog 5515
+MD5 71eef3021a6fa205c114fd2b791fcf48 ChangeLog 5634
 MD5 9c6b611339af7149d67f677a96d398db metadata.xml 930
-MD5 70bb07c78cda0a39fceeb1297ad34777 snort-2.0.5-r2.ebuild 3140
+MD5 850594c9049008dfc8e0123a0686224c snort-2.0.5-r2.ebuild 3140
 MD5 6b8e74b31bd8b33a1abf5099637de1f1 snort-1.9.1-r3.ebuild 2280
 MD5 195e5df4b9093a07bfb509cb9f7ecd0a snort-2.0.0.ebuild 2977
 MD5 0c4f28771a4096a1dc044f13ea500bff snort-2.0.1-r1.ebuild 2734
diff --git a/net-analyzer/snort/files/digest-snort-2.0.5-r2 b/net-analyzer/snort/files/digest-snort-2.0.5-r2
new file mode 100644
index 000000000000..4351b0787e07
--- /dev/null
+++ b/net-analyzer/snort/files/digest-snort-2.0.5-r2
@@ -0,0 +1,2 @@
+MD5 f129ee00a3d6e7b7c1ff4a1e1fba3a08 snort-2.0.5.tar.gz 1951308
+MD5 7fd78d7bb755227c5acec7bfecdb94f7 snort-prelude-reporting-patch-0.2.5.tar.gz 39277
diff --git a/net-analyzer/snort/files/snort-drop-calculation.diff b/net-analyzer/snort/files/snort-drop-calculation.diff
new file mode 100644
index 000000000000..f246155611dd
--- /dev/null
+++ b/net-analyzer/snort/files/snort-drop-calculation.diff
@@ -0,0 +1,87 @@
+--- src/util.orig 2003-10-01 16:17:50.000000000 +0200
++++ src/util.c 2003-10-01 16:20:27.000000000 +0200
+@@ -916,13 +916,13 @@
+ LogMessage("\n\n===================================="
+ "===========================================\n");
+ LogMessage("Snort analyzed %d out of %d packets, ",
+- ps.ps_recv, ps.ps_recv+ps.ps_drop);
++ ps.ps_recv - ps.ps_drop, ps.ps_recv);
+
+ if(ps.ps_recv)
+ {
+ LogMessage("dropping %d(%.3f%%) packets\n\n",
+ ps.ps_drop,
+- CalcPct( (float) ps.ps_drop, (float) (ps.ps_recv+ps.ps_drop) ));
++ CalcPct( (float) ps.ps_drop, (float) ps.ps_recv ));
+ }
+ else
+ {
+@@ -931,44 +931,44 @@
+
+ LogMessage("Breakdown by protocol: Action Stats:\n");
+ LogMessage(" TCP: %-10ld (%.3f%%)%-*sALERTS: %-10ld\n",
+- pc.tcp, CalcPct((float) pc.tcp, recv + drop),
++ pc.tcp, CalcPct((float) pc.tcp, recv),
+ CalcPct((float)pc.tcp,recv + drop)<10?10:9 , " ", pc.alert_pkts);
+ LogMessage(" UDP: %-10ld (%.3f%%)%-*sLOGGED: %-10ld\n",
+- pc.udp, CalcPct((float) pc.udp, recv + drop),
++ pc.udp, CalcPct((float) pc.udp, recv),
+ CalcPct((float)pc.udp,recv + drop)<10?10:9, " ", pc.log_pkts);
+ LogMessage(" ICMP: %-10ld (%.3f%%)%-*sPASSED: %-10ld\n",
+- pc.icmp, CalcPct((float) pc.icmp, recv + drop),
++ pc.icmp, CalcPct((float) pc.icmp, recv),
+ CalcPct((float)pc.icmp,recv + drop)<10?10:9, " ", pc.pass_pkts);
+ LogMessage(" ARP: %-10ld (%.3f%%)\n",
+- pc.arp, CalcPct((float) pc.arp, recv + drop));
++ pc.arp, CalcPct((float) pc.arp, recv));
+ LogMessage(" EAPOL: %-10ld (%.3f%%)\n",
+- pc.eapol, CalcPct((float) pc.eapol, recv + drop));
++ pc.eapol, CalcPct((float) pc.eapol, recv));
+ LogMessage(" IPv6: %-10ld (%.3f%%)\n",
+- pc.ipv6, CalcPct((float) pc.ipv6, recv + drop));
++ pc.ipv6, CalcPct((float) pc.ipv6, recv));
+ LogMessage(" IPX: %-10ld (%.3f%%)\n",
+- pc.ipx, CalcPct((float) pc.ipx, recv + drop));
++ pc.ipx, CalcPct((float) pc.ipx, recv));
+ LogMessage(" OTHER: %-10ld (%.3f%%)\n",
+- pc.other, CalcPct((float) pc.other, recv + drop));
++ pc.other, CalcPct((float) pc.other, recv));
+ LogMessage("DISCARD: %-10ld (%.3f%%)\n",
+- pc.discards, CalcPct((float) pc.discards, recv + drop));
++ pc.discards, CalcPct((float) pc.discards, recv));
+ LogMessage("================================================"
+ "===============================\n");
+ LogMessage("Wireless Stats:\n");
+ LogMessage("Breakdown by type:\n");
+ LogMessage(" Management Packets: %-10ld (%.3f%%)\n",
+ pc.wifi_mgmt, CalcPct((float) pc.wifi_mgmt
+- , recv + drop));
++ , recv));
+ LogMessage(" Control Packets: %-10ld (%.3f%%)\n",
+ pc.wifi_control, CalcPct((float) pc.wifi_control
+- , recv + drop));
++ , recv));
+ LogMessage(" Data Packets: %-10ld (%.3f%%)\n",
+ pc.wifi_data, CalcPct((float) pc.wifi_data
+- , recv + drop));
++ , recv));
+ LogMessage("================================================"
+ "===============================\n");
+ LogMessage("Fragmentation Stats:\n");
+ LogMessage("Fragmented IP Packets: %-10ld (%.3f%%)\n",
+- pc.frags, CalcPct((float) pc.frags, recv + drop));
++ pc.frags, CalcPct((float) pc.frags, recv));
+ LogMessage(" Fragment Trackers: %-10ld\n",
+ pc.frag_trackers);
+ LogMessage(" Rebuilt IP Packets: %-10ld\n",
+@@ -987,7 +987,7 @@
+ LogMessage("TCP Stream Reassembly Stats:\n");
+ LogMessage(" TCP Packets Used: %-10ld (%-3.3f%%)\n",
+ pc.tcp_stream_pkts,
+- CalcPct((float) pc.tcp_stream_pkts, recv + drop));
++ CalcPct((float) pc.tcp_stream_pkts, recv));
+ LogMessage(" Stream Trackers: %-10ld\n", pc.tcp_streams);
+ LogMessage(" Stream flushes: %-10ld\n", pc.rebuilt_tcp);
+ LogMessage(" Segments used: %-10ld\n", pc.rebuilt_segs);
+
+
diff --git a/net-analyzer/snort/snort-2.0.5-r2.ebuild b/net-analyzer/snort/snort-2.0.5-r2.ebuild
new file mode 100644
index 000000000000..ae66d76fe735
--- /dev/null
+++ b/net-analyzer/snort/snort-2.0.5-r2.ebuild
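Review bot: In files/snort-drop-calculation.diff the column-width arguments on the TCP, UDP and ICMP lines still evaluate `CalcPct((float)pc.tcp,recv + drop)<10?10:9` while the percentage printed on the same line now uses `recv`, so the padding can be chosen for a different value than the one displayed; the width expression should become `CalcPct((float)pc.tcp, recv)<10?10:9`, and likewise for `pc.udp` and `pc.icmp`. In the first inner hunk `ps.ps_recv - ps.ps_drop` is printed with `%d`: if these counters are unsigned, as pcap statistics usually are, and the capture layer reports `ps_recv` without the dropped packets, the subtraction wraps and the "analyzed" figure becomes meaningless, so a guard such as `ps.ps_recv >= ps.ps_drop ? ps.ps_recv - ps.ps_drop : 0` is worth adding. Whether `ps_recv` already includes drops depends on the platform's libpcap, and the patch assumes it does without a comment saying so; since the drop figure is what an operator uses to judge how much traffic the sensor missed, that assumption should be stated next to the calculation. The enclosing function in src/util.c starts and ends outside the patch context shown here.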
@@ -0,0 +1,108 @@
+# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.0.5-r2.ebuild,v 1.1 2003/12/09 15:07:38 mboman Exp $
+
+inherit eutils
+
+DESCRIPTION="Libpcap-based packet sniffer/logger/lightweight IDS"
+HOMEPAGE="http://www.snort.org/"
+SRC_URI="http://www.snort.org/dl/${P}.tar.gz
+ prelude? ( http://www.prelude-ids.org/download/releases/snort-prelude-reporting-patch-0.2.5.tar.gz )"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~x86 ~sparc -alpha"
+IUSE="ssl postgres mysql prelude flexresp samba"
+# snort 2.0.x does not support snmp yet Bug #26310
+# IUSE="${IUSE} snmp"
+
+DEPEND="virtual/glibc
+ >=net-libs/libpcap-0.6.2-r1
+ flexresp? ( <net-libs/libnet-1.1
+ >=net-libs/libnet-1.0.2a-r3 )
+ postgres? ( >=dev-db/postgresql-7.2 )
+ mysql? ( >=dev-db/mysql-3.23.26 )
+ ssl? ( >=dev-libs/openssl-0.9.6b )
+ prelude? ( >=dev-libs/libprelude-0.8 )"
+# snmp? ( >=net-analyzer/net-snmp-5.0 )
+RDEPEND="virtual/glibc
+ dev-lang/perl
+ >=net-libs/libpcap-0.6.2-r1
+ postgres? ( >=dev-db/postgresql-7.2 )
+ mysql? ( >=dev-db/mysql-3.23.26 )
+ ssl? ( >=dev-libs/openssl-0.9.6b )
+ samba? ( net-fs/samba )
+ prelude? ( >=dev-libs/libprelude-0.8 )"
+
+src_unpack() {
+ unpack ${A}
+
+ cd ${S}
+ #is this needed in 2.0? -Method
+ #epatch ${FILESDIR}/${P}-configure.patch
+ use flexresp && epatch ${FILESDIR}/${PV}-libnet-1.0.patch
+
+ epatch ${FILESDIR}/${P}-gcc3.patch
+
+ epatch ${FILESDIR}/snort-drop-calculation.diff
+
+ sed "s:var RULE_PATH ../rules:var RULE_PATH /etc/snort:" < etc/snort.conf > etc/snort.conf.distrib
+
+ use prelude && (
+ epatch ../${P/.5/.2}-prelude.diff
+ sh ./autogen.sh
+ )
+}
+
+src_compile() {
+ local myconf
+ use flexresp && myconf="$myconf --enable-flexresp" # There is no --diable-flexresp, can't use use_enable
+ use samba && myconf="$myconf --enable-smbalerts" # There is no --diable-smbalerts, can't use use_enable
+
+# `use_with snmp` \
+# --enable-pthreads \ # Not supported, never was, and now also removed
+
+ econf \
+ `use_with postgres postgresql` \
+ `use_with mysql` \
+ `use_with ssl openssl` \
+ `use_with prelude` \
+ --without-odbc \
+ --without-oracle \
+ $myconf || die "bad ./configure"
+
+ emake || die "compile problem"
+}
+
+src_install() {
+ make DESTDIR=${D} install || die
+
+ dodir /var/log/snort
+ keepdir /var/log/snort/
+
+ insinto /usr/lib/snort/bin
+ doins contrib/{create_mysql,snortlog,*.pl}
+
+ dodoc COPYING LICENSE doc/*
+ docinto contrib ; dodoc contrib/*
+
+ insinto /etc/snort
+ doins etc/reference.config etc/classification.config rules/*.rules etc/*.map
+ use prelude && doins etc/prelude-classification.config
+ doins etc/snort.conf.distrib
+
+ exeinto /etc/init.d ; newexe ${FILESDIR}/snort.rc6 snort
+ insinto /etc/conf.d ; newins ${FILESDIR}/snort.confd snort
+}
+
+pkg_postinst() {
+ enewgroup snort
+ enewuser snort -1 /dev/null /var/log/snort snort
+ usermod -d "/var/log/snort" snort || die "usermod problem"
+ usermod -g "snort" snort || die "usermod problem"
+ usermod -s "/dev/null" snort || die "usermod problem"
+ echo "ignore any message about CREATE_HOME above..."
+
+ chown snort:snort /var/log/snort
+ chmod 0770 /var/log/snort
+} |
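Review bot: In `src_unpack` the prelude branch runs inside a `( … )` subshell and `sh ./autogen.sh` has no error check, so a failed autogen lets the build carry on with a stale configure script; a `die` raised by `epatch` inside the subshell would presumably also end only the subshell rather than the ebuild. Use `if use prelude; then … fi` in place of `use prelude && ( … )` and write `sh ./autogen.sh || die "autogen.sh failed"`. The `sed` that writes `etc/snort.conf.distrib` and the `chown snort:snort` / `chmod 0770` on `/var/log/snort` in `pkg_postinst` are likewise unchecked, unlike the `usermod` calls beside them; appending `|| die` to each avoids installing a sensor whose log directory never received the intended ownership and mode.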